fixed string backslash unescaping routines to correctly unescape double backslash uses and thus allow to define e.g. \t by using a \\t string which were not possible before (#514).

implemented missing break and continue statements to break out of while() and foreach() loops and to also continue with the next iteration like this is commonly performed in other script languages (#224).

fixed bug where elseif() within a while()/foreach() loop didn't work as expected but was quiting the loop too early (#404).

fixed webserver to only create and reserve a session ID in case a successful user login is performed (either manual or autologin). This should prevent from Denial-of-Service (DoS) situations where certain internal service could send multiple web requests to identify if a http server is running and thus could eat up all available session slots ending up in "Zu viele gleichzeitige Verbindungen" errors.

fixed http response to manage more than 800kb of response payload so that the internal web server of ReGaHss can manage way larger http response data. This should finally allow to, e.g. serve larger system variables http displays at Settings -> Systemvariables with, e.g. ~1k of system variables or with longer device list web pages.

integrated fixed hs485dLoader to forward the config file path to the main hs485d daemon on execution.

updated hmip-copro-update.jar to use the latest version available.

optimized NTP startup to reset to the default NTP server string in case ntp.homematic.com is still used which is not reliable enough anymore. Also added checks for valid NTP servers after having called "ntpdate" so
that the NTP startup also uses the default NTP servers as a fallback.

reworked DutyCycle query script to read out ReGaHss and HmIPServer port settings from the corresponding files in /etc and to also correctly updated the "Wired-Status" system variable for BidCos-Wired installations.

fixed problem that the recovery system could not update installations where the rootfs is located on a USB driven device that requires more time to be initialized. Now the recovery system will wait until the
device is properly setup (#377).

reduced SetInterfaceClock execution to be performed only once per day. This should slightly reduce the DutyCycle by 1-2% compared to the 3.37.x and earlier firmware versions.

integrated slightly fixed firewall setup script which also take care of correctly setting up firewall settings for HmIP-Wired Gateway connections.

modified firewall to use a final REJECT rule so that not allowed packages are rejected rather than simply dropped. This should improve response times for services trying to access blocked ports which seems to be more adequate for an internal network use-case of a CCU (#486).

removed CUxD specific cuxd.ini patch since the latest CUxD 2.2.0+ version integrated an automatic port identification mechanism. Thus, CUxD 2.2.0 and newer should be used now.

updated recovery system to also start ssdpd and eq3configd to provide basic CCU search mechanisms so that a CCU device in recovery mode can also be found using the eQ3 NetFinder tool.

updated standard update_script to use more verbose/easier output messages when performing the update using the ccu3 update archive.

fixed support for only connecting a HM-CFG-USB-2 usb stick as a BidCos-RF module so that HmIPServer & co still work correctly and allow to manage virtual groups, etc.

fixed bug where upon enabling/disabling the "Authentication" settings under "Settings->Security->Authentication" required to completely restart the CCU device rather than correctly reloading all lighttpd configurations.

added new WebUI bugfix patch to fix Session.login JSON rpc calls which does not work with the latest ReGaHss session ID generation anymore. Now it will retrieve a new session ID right after having authenticated a user rather than first getting a session ID (which isn't possible anymore without any authentication).

added WebUI fix for fixing two security vulnerabilities (CVE-2018-7296, CVE-2018-7300) by changing the access levels for certain public JSON rpc functions from NONE to USER and removing obsolete ones.

The following installation archives (*.zip files) can be downloaded for selected hardware platforms (including a *.tgz update archive to upgrade from a CCU3 firmware to RaspberryMatic). To verify their integrity a sha256 checksum is listed as well. Please upload these zip files using the WebUI-based update mechanism available: